Just when you thought you’ve seen the end of hacked cinema’s website (refering to Malaysia’s GSC website), another one surfaces at TGV.com.my just about 3 months later. According to SANS Internet Storm center, this type of SQL injection uses SQL commands to attack the “sysobject” and “syscolumn” in the database and particularly a website that uses Active Server Pages(ASP).
Continue reading ‘TGV Malaysia website hacked with SQL injection’
SANS Internet Storm Center made an alert on their website concerning a huge number of legitimate websites being hijacked by malicious iframe that will direct users to 2117966.net. Those who are using an unpatched Internet Explorer is vulnerable to this attack. According to McAfee, majority of the infected websites are running phpBB - a popular forum software. But now it seems that the attack is shifted towards .ASP pages. Further reading at SANS and McAfee.
How to protect from malicious iframe exploitation?
